Licensing
      Back to home
      1. Knowledge base
      2. Terms & conditions
      3. Licensing

      Licensing policy

      Overall licensing structure

      The following table describes the overall licensing structure and deployment availability.

      Licensing quick guide-1

      Number of licenses over time

      The number of licenses used can vary over time. The number required is the highest number used during the contract period.

      Exceeding license

      Holm Security will consult the customer before charging an additional fee when a customer exceeds their license.

      Unlimited number of activities

      If nothing else is stated in the main contract, each license includes unlimited assessments, scans, simulations, and awareness training.

      Scanner Appliances require no licenses

      If nothing else is stated in the main contract, customers using System & Network Security and Web Application Security can use any number of Scanner Appliances forms where scanning can be performed.

      System & Network Security

      Formerly called System & Network Scanning. 

      Licensed per active IP

      The product is licensed based on active IPs, meaning systems and computers placed in a TCP/IP network. A system can be a physical server and/or virtual machine. The following criteria must be fulfilled for an asset to require a license:

      • One or more TCP or UDP port open with an active service responding.
      • The asset is active. 

      The same server with several IPs (multiple network interfaces), or both an IPv4 and IPv6 connected, will require one license. 

      Example:
      A physical server hosts 7 virtual machines. Each machine has one IPv4 and one IPv6 connected. All machines are actively running. Scanning all 7 machines will require 7 licenses. 

      Device Agent licensed per installation

      Licensing for Device Agent is based on the number of software installations in systems and computers. A Device Agent doesn’t require an additional license if the system or computer has a license based on the IP using System & Network Security.

      Example:
      Scanning a server from the outside using cloud scanners or Scanner Appliances requires one system or computer (static IP address) license connected to the IP address. A Device Agent installed in the same system or computer doesn’t require an additional license.

      No additional licenses are required for policy scanning & authenticated scanning

      Policy scanning and authenticated scanning require a standard System & Network Security license based on the IP. If a system is scanned using multiple methods, such as scanning from the outside, policy scanning, and authenticated scanning, it still only requires one license based on the IP.

      Example:
      An organization scans an IP using multiple scanning methods (scanning using cloud scanners, Scanner Appliance, policy scanning, and authenticated scanning), but only one license is needed for the product.

      Web Application Security

      Formerly called Web Application Scanning.

      License per URL/application

      The product is licensed based on the number of scanned unique web applications (or URLs). Each application scanned requires one unique license.

      Example:
      A web server hosts 5 web applications on separate URLs. To scan all 5 applications, 5 licenses are required. If the customer scans the web server itself, this will also require a license for Systems & Network Scanning for the IP.

      Cloud Security

      Cloud resource definition

      A cloud resource is an object resource within a cloud service. For example, Bucket A in S3 (AWS) is a cloud resource, Instance X in EC2 (AWS) is a cloud resource, and instance Y is another cloud resource within the cloud service EC2 (AWS). The cloud resources that require a license are listed below.

      Cloud service definition

      A cloud service is, for example, EC2 or RDS (AWS).

      Licensing based on cloud resources

      The product is licensed based on the number of unique cloud resources used. 

      Examples:
      5 virtual machine instance resources (EC2) are provisioned within an AWS cloud account. To scan these 5 resources will require 5 licenses.

      3 DB instances resources (RDS) are provisioned within an AWS cloud account. To scan these 3 resources will require 3 licenses.

      Combination with traditional scanning

      Cloud infrastructure can be scanned from the internet using cloud scanners or from the inside using a Scanner Appliance. For example, an EC2 (in AWS) resource running a virtual machine can be scanned targeting the IP and scanned through integration with AWS using the product Cloud Scanning. This will require two licenses: one for scanning the IP from the outside and one for scanning using the integration in the product Cloud Scanning.

      If a Device Agent is installed, the same policy applies under “Device Agent licensed per installation".

      AWS cloud resources where a license is applied:

      • API Gateway API
      • Athena Workgroup
      • CloudFront Distribution
      • DynamoDB Table
      • EC2 Instance
      • ECR Repository
      • ECS Task Definition
      • EFS Filesystem
      • EKS Cluster
      • Elasticache Cluster
      • ELB/ALB/NLB Load Balancer
      • EMR Cluster
      • Firehose Delivery Stream
      • Kinesis Stream
      • Lambda Function
      • RDS Database Instance
      • Redshift Cluster
      • S3 Bucket
      • Sagemaker Notebook
      • SNS Topic
      • SQS Queue
      • Transfer Server

      Azure cloud resources where a license is applied:

      • Authorization Policy Assignments
      • Authorization Policy Definitions
      • Authorization Role Definitions
      • Authorization Locks
      • Blob Containers
      • Compute Virtual Machines
      • Compute Disks
      • Compute Availability Sets
      • Compute Virtual Machine Scale Sets
      • CDN Profiles
      • Container Registries
      • Container Service Managed Clusters
      • Insights Activity Log Alerts
      • Insights Log Profiles
      • Insights Autoscale Settings
      • Insights Diagnostics Settings
      • Key Vaults
      • MySQL Servers
      • Network Virtual Networks
      • Network Security Groups
      • Network Watchers
      • Network Load Balancers
      • Postgres Servers
      • Queues
      • Storage Accounts
      • SQL Servers
      • Security Contacts
      • Security Auto Provisioning Settings
      • Security Pricing
      • Tables
      • Web Sites

      Google cloud resources where a license is applied:

      • Cloud Load Balancers
      • Autoscale Instance Groups
      • Compute Instances
      • Disks
      • Key Rings
      • Crypto Keys
      • Managed DNS Zones
      • IAM Policies
      • IAM Users
      • Service Account Users
      • Kubernetes Clusters
      • Alert Policies
      • Log Sinks
      • SQL Instances
      • Storage Buckets
      • VPC Networks
      • Firewalls

      Oracle cloud resources where a license is applied:

      • Audit
      • Block Storage
      • Cloud Guard
      • Compute
      • Database
      • File Storage
      • Identity
      • Logging and Monitoring
      • Networking
      • OKE
      • Object Store
      • Vaults

      Other products & services

      Organizer

      Licensed per installation of Organizer. A customer can have multiple Organizers.

      Professional Services

      Holm Security Success Program Standard & Holm Security Success Program Standard

      Formerly called Premium Support.

      Licensed per customer, accordingly the maximum license number per customer is one.

      Holm Security Certification Program

      Licensed per attendee (individual) for the certification program.